|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
On 02/18/2012 02:37 PM, Dominick Grift wrote:
Yes, you will need to use a local policy how Dominick wrote. This is nothing what we do not want to allow it by default.On Sat, 2012-02-18 at 14:51 +0100, Ole Jon Bjørkum wrote:Hi! I have a problem with SELinux not allowing PHP to list other users' processes with the "ps" command. If I disable SELinux with "setenforce 0" it works immediately. Is it possible to allow PHP to do this without disabling SELinux completely?Yes, something like this would probably allow it: mkdir mytest; cd mytest; echo "policy_module(mytest, 1.0.0) gen_require(` type httpd_t; attribute domain; ') ps_process_pattern(httpd_t, domain)"> mytest.te; make -f /usr/share/selinux/devel/Makefile mytest.pp sudo semodule -i mytest.pp now httpd_t should be able to ps all domains.
Thanks! Ole Jon -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
[Fedora Users] [Fedora Legacy] [Fedora Desktop] [Big List of Linux Books] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]
